From 173a1e688c258e2fbf4f9df19ce734a5def8f065 Mon Sep 17 00:00:00 2001 From: Qin Long Date: Wed, 26 Aug 2015 00:59:17 +0000 Subject: [PATCH] SecurityPkg: Fix one returned code issue in P7Verify Protocol VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED when the embedded content is found in SignedData but InData is not NULL. This patch is to comply with the spec definition. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long Reviewed-by: Chao Zhang git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18311 6f19259b-4bc3-4df7-8a09-765794883524 --- SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c index 13c91382dc..07fdf552be 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c @@ -833,6 +833,13 @@ VerifyBuffer ( return EFI_UNSUPPORTED; } if (AttachedData != NULL) { + if (InData != NULL) { + // + // The embedded content is found in SignedData but InData is not NULL + // + Status = EFI_UNSUPPORTED; + goto _Exit; + } // // PKCS7-formatted signedData with attached content; Use the embedded // content for verification -- 2.39.2